ESET researchers have discovered a link between the Tesco Bank breach and the Retefe malware. The Retefe trojan horse goes after users’ online banking credentials, which can then be misused to conduct fraudulent transactions. Thousands more could be at risk, as there is quite a lengthy list of other banks located in many other countries in this malware’s crosshairs. Jonathan Sander, VP of Product Strategy at Lieberman Software, commented below.
Jonathan Sander, VP of Product Strategy at Lieberman Software:
“The reason Retefe malware and others like it are so dangerous is that they completely compromise one end of a secure communication. If you and I talk on the phone, only one of our phones needs to be bugged for the bad guy to capture both sides of our conversation. If the bad guy owns your machine, you can put all the security you want on the server and it won’t matter. When you have the user change their password, the bad guy sees it. When you switch up the website process, the bad guy sees that too and can emulate it. The only thing that can be truly effective is a very diligent end user who knows what to look for. That means all the banks can do is offer tips on how to spot the fake sites collecting user data that the malware creates and hope the user is diligent enough to learn and watch for signs of the bad guys at work.”
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.